Terminal Services (TS) Remote Configuration Primer Part 1

Terminal Services (TS) Remote Configuration Primer Part 1

  • Comments 10

 

How to enable/disable TS connections remotely

 

Hello, my name is Soo Kuan Teo, I work on the Terminal Services Team. I would like to take this opportunity to begin sharing configuration features in TS.

TS is about remotability. It allows users and administrators to access their computer resources remotely, just as if those computer resources are available locally. TS has a WMI provider with a rich set of class templates that allows TS to be configured remotely or locally.

Please note that in Win2k3/XP, the TS WMI provider is grouped in root/cimv2 namespace. In Vista, it is grouped in root/cimv2/TerminalServices namespace. WMI security impersonation level wbemImpersonationLevelImpersonate and security authentication level wbemAuthenticationLevelPktPrivacy settings are also required for Vista. Please visit here for more info on Terminal Services WMI provider. Here is a good place to start if you want to learn more about WMI in general.

To check the TS Connections setting, you can use the read-only property AllowTSConnections in class template Win32_TerminalServiceSetting

To change the TS Connections setting, you can use the Method SetAllowTSConnections in class template Win32_TerminalServiceSetting.

There are several ways to use TS WMI, the easy way is through scripting. For example, in vbs,

First we get the wbemService object:

Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\cimv2\TerminalServices")

Then we get the instance of class template Win32_TerminalServiceSetting

Set objSet=Service.ExecQuery("select * from  Win32_TerminalServiceSetting”)

Now we can use the instance of Win32_TerminalServiceSetting to query/set setting:

for each obj in objSet
     wscript.echo "Remote Desktop is " & obj.AllowTSConnections
     ' toggle setting
     obj.SetAllowTSConnections 1-obj.AllowTSConnections
     obj.refresh_
     wscript.echo "New Remote Desktop setting is " & obj.AllowTSConnections

next

 

The complete vbs script for changing TS connections locally is:

Set Service = GetObject("winmgmts:{authenticationLevel=PktPrivacy}!root\cimv2\TerminalServices")

set objSet=Service.ExecQuery("select * from  Win32_TerminalServiceSetting")

for each obj in objSet

         wscript.echo "Remote Desktop is " & obj.AllowTSConnections
         ' toggle setting
         obj.SetAllowTSConnections 1-obj.AllowTSConnections
         obj.refresh_
         wscript.echo "New Remote Desktop setting is " & obj.AllowTSConnections
next

 

Similarly, we can use the wmi moniker feature to simplify the remote case:

Set Service = GetObject("WinMgmts:{impersonationLevel=impersonate, authenticationLevel=PktPrivacy}" _
& "!\\RemoteServer\root\cimv2/TerminalServices")

set objSet=Service.ExecQuery("select * from  Win32_TerminalServiceSetting")
for each obj in objSet
         wscript.echo "Remote Desktop is " & obj.AllowTSConnections
         ' toggle setting
         obj.SetAllowTSConnections 1-obj.AllowTSConnections
         obj.refresh_
         wscript.echo "New Remote Desktop setting is " & obj.AllowTSConnections
next

 

I also  attached a sample script that  allows you to use different Admin user credentials than the user account that runs the script. Please run cscript LHEnableRemoteDesktop.vbs /? for more info.
The attached sample script works in Vista only. If you want to make it work in Win2k3/XP, all you need to update is its namespace from "root/cimv2/TerminalServices" to "root/cimv2".

 

Another easier way to access WMI providers is through the use of WMIC
To query TS Connections setting:

wmic RDToggle get AllowTSConnections

 

To set Terminal Services connections setting:

wmic RDToggle where servername=”ServerName" call SetAllowTSConnections 1

 

We can use the WMIC global switches for the remote case:

To query the TS connections setting:

wmic /node:"RemoteServer" /user:"domain\AdminUser" /password:"password" RDToggle where servername="RemoteServer" get AllowTSConnections

 

To enable Terminal Services connections:

wmic /node:"RemoteServer" /user:"domain\AdminUser" /password:"password" RDToggle where servername="RemoteServer" call SetAllowTSConnections 1

 

As a side note, in general for WMI to work properly, you need to:
                For Vista and win2k3/XP, set Windows Firewall exceptions for Windows Management Instrumentation (WMI)

                For Vista, run script and wmic in elevated command shell

Next: Configure the TS session limit remotely

 DISCLAIMER: This posting is provided "AS IS" with no warranties, and confers no rights.  Use of included script samples are subject to the terms specified at http://www.microsoft.com/info/cpyright.htm

 

Attachment: EnableRemoteDesktop.zip
Leave a Comment
  • Please add 2 and 5 and type the answer here:
  • Post
  • How to Configure TS session limit remotely TS provides many settings that allow an administrator to customize

  • Can you publish applications via WMI too? If not, is there an API for this?

  • Shannon,

    In Longhorn Server, there is a wmi provider (tsallow) with serveral class templates that can be used to populate the Allow List. Please take a look at tsallow.mof located at %windir%\system32\wbem\tsallow.mof

    Thanks

    Soo Kuan

  • Hi. Since you are a member of the Terminal Services Team could you provide some insight into the following implementation question regarding Windows 2003 Server & Terminal Services & RDP. We are looking at a major deployment of a windows desktop application for 12 thousand users. The hosting company is quite insistent upon Citrix.  Our question is could we do this without the use of Citrix and without goinf to 2008 Server Series? If there is a better place to insert this question in order to get a response from yourself or anyone else on th Terminal Server Team kindly let us know where to post this question.  Thanks in advance.

  • Worthware, this is an inpossible question to answer based only upon quantity of users.  Other things that will need to be taken into account would be the number of different applications, compatibility of those applications, how you plan to manage the servers that would be hosting these sessions (as 2008 TS has no centralized management console), how many concurrent sessions, what type of clients you have (Windows 2000, XP, Vista, Linux, Mac, Sun...),.... just to start.  What kind of skill-set your IT department has related to Server Based Computing should also be considered, as installing applications on TS, and managing TS is quite different than any other type of Windows Management.  For customers that have no experience with Terminal Services, but have a Virtual Inforastructure like VMware ESX or Virtual Iron, I'd recommend looking at a VDI Product like Quest's Provision Networks Virtual Access Suite for VDI.  With this you're managing individual hosted XP Pro or Vista Desktops, where the software can be managed by the same desktop team that typically manages the desktops, without needing any knowledge of Terminal Services application compatibility.

    Other Terminal Server Add-ons (in addition to Citrix) are Provision Networks Virtual Access Suite and Ericom PowerTerm WebConnect are other add-on suites for Terminal Services.

    If you'd like to discuss your situation in detail, feel free to contact me at FirstName.LastName@quest.com

    Patrick Rouse

    Microsoft MVP - Terminal Server

  • Hi,

    I want to publish apps using wmi providers(Using classes of tsallow.mof file as suggest Soo Kuan).

    I only got to see published applications, but no way to add new ones.

    Somebody know if is possible to got it??

    Thanks and excuse my poor english :-)

  • For those who use VC++, here is a good article on Enabling TS using WMI in C++.

    <a href="http://www.vedivi.com/blog/2008/05/how-to-enable-remote-desktop-programmatically/">http://www.vedivi.com/blog/2008/05/how-to-enable-remote-desktop-programmatically/</a>

    Hope it helps the C++ guys like it helped me.

  • Sorry, messed up the url, here it is:

    http://www.vedivi.com/blog/2008/05/how-to-enable-remote-desktop-programmatically/

  • Hi,

         I'm working in Windows XP. The multiple sessions in Remote desktop got activated. That causes a big problem. I need to disable the multiple session in remote desktop connection. Could you please give me the solution so that I can disable the sessions.

    Thank  you

    Daniel

  • C:\Windows\system32>wmic RDToggle where servername="gfg-group115" call SetAllowT

    SConnections 1

    Unexpected switch at this level.

    C:\Windows\system32>

Page 1 of 1 (10 items)